From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752215AbbCKQnw (ORCPT ); Wed, 11 Mar 2015 12:43:52 -0400 Received: from emvm-gh1-uea09.nsa.gov ([63.239.67.10]:51934 "EHLO emvm-gh1-uea09.nsa.gov" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751181AbbCKQnt (ORCPT ); Wed, 11 Mar 2015 12:43:49 -0400 X-TM-IMSS-Message-ID: <5bdb59d5000d7624@nsa.gov> Message-ID: <5500708B.3050101@tycho.nsa.gov> Date: Wed, 11 Mar 2015 12:42:51 -0400 From: Stephen Smalley Organization: National Security Agency User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Casey Schaufler , James Morris , James Morris , LSM , LKLM CC: Paul Moore , John Johansen , Tetsuo Handa , Eric Paris , Kees Cook Subject: Re: [PATCH 6/7 v21] LSM: Switch to lists of hooks References: <54FE4553.3000209@schaufler-ca.com> <54FE46EF.4000708@schaufler-ca.com> In-Reply-To: <54FE46EF.4000708@schaufler-ca.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/09/2015 09:20 PM, Casey Schaufler wrote: > Subject: [PATCH 6/7 v21] LSM: Switch to lists of hooks > > Instead of using a vector of security operations > with explicit, special case stacking of the capability > and yama hooks use lists of hooks with capability and > yama hooks included as appropriate. > > The security_operations structure is no longer required. > Instead, there is a union of the function pointers that > allows all the hooks lists to use a common mechanism for > list management while retaining typing. Each module > supplies an array describing the hooks it provides instead > of a sparsely populated security_operations structure. > The description includes the element that gets put on > the hook list, avoiding the issues surrounding individual > element allocation. > > The method for registering security modules is changed to > reflect the information available. The method for removing > a module, currently only used by SELinux, has also changed. > It should be generic now, however if there are potential > race conditions based on ordering of hook removal that needs > to be addressed by the calling module. > > The security hooks are called from the lists and the first > failure is returned. > > Signed-off-by: Casey Schaufler > > --- > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 0c45f08..3fd8610 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -2008,24 +2002,12 @@ static int selinux_ptrace_access_check(struct task_struct *child, > > static int selinux_ptrace_traceme(struct task_struct *parent) > { > - int rc; > - > - rc = cap_ptrace_traceme(parent); > - if (rc) > - return rc; > - > return task_has_perm(parent, current, PROCESS__PTRACE); > } > > static int selinux_capget(struct task_struct *target, kernel_cap_t *effective, > kernel_cap_t *inheritable, kernel_cap_t *permitted) > { > - int error; > - > - error = current_has_perm(target, PROCESS__GETCAP); > - if (error) > - return error; > - > return cap_capget(target, effective, inheritable, permitted); Deleted the wrong code here. > } And failed to delete the cap_capset() call from selinux_capset(), and the cap_capable() call from selinux_capable(), so we're calling that code twice after the patch.